Hello fellas, here you are going to learn about Email Tracking. Email tracking is a method used to obtain information from sent emails. For a smooth start, let me give you an example. Suppose that you are the attacker. You have created a file which is trustworthy by its name (let the file-name be "IDM Cracked Latest Version"). But along with this file, you did also bind (attach) an executable in background (hidden from user). This executable is nothing else but a keylogger. Hence, the file will seem useful to user but is really a spyware. Now, you mail this file to the victim and wait for him/her to open it. Here is the trap.
Most of email services doesn't provide a way for the sender to know if his/her email was seen by the receiver or just ignored. In WhatsApp, Facebook and any other messaging service, we can know if our message was read or ignored. But none of email service provide us with this feature. So if you sent a spyware file to victim, it will take for weeks to know if he/she downloaded the file or not. And your attack will be unsuccessful or it will give delayed result. This is a simple example where email tracking becomes handy. So that now we have seen the importance of Email Tracking, let us study the process in depth.
There are in general, two methods to obtain information from Emails.
- Email Tracing
- Email Tracking
Yes, Email Tracing is different from Email Tracking. To study the difference and learn what Email Tracing is, click here.. Both the procedures (Email tracing and tracking) are independent. Hence, you can directly study this article to learn tracking irrespective of studying email tracing. But I would still suggest you to go through email tracing at least once before continuing, as its an interesting and important topic.
What is Email Tracking?
To be technical, it’s a method for monitoring email delivery through the
use of a digitally time-stamped record to show the exact time and date
an email was opened.
You send an email. Your victim opens it. You get a notification in the
corner of your screen and have the time of the email being opened on
record. Every time the email is opened or a link is clicked, you’ll know
it happened.
There are mainly two kind of receipts required when an email is sent.
- Delivery Receipt - Indicates if the email is delivered or not. This receipt is provided in-built by all the email services.
- Read Receipt - Indicates if the email you sent is read by the receiver or just ignored. This service is not provided by most of email service providers. But we can still modify the service provider functions to get a read receipt.
Click to view full size image |
And Email Tracking is a methodology of obtaining read receipts of any sent email. So now let us see the advantages of email tracking before knowing how it actually works.
How is Email Tracking useful?
Email Tracking is mainly used in two fields - Spying and Marketing. Initially, email and link tracking feels like spying on your customers
or potential clients. However, nothing nefarious is happening. Using
email tracking actually saves time and increases productivity for both
you and the customer.
When you see a notification you know your email has been opened. You no
longer have to send the “did you get my email?” message unless they
actually haven’t gotten it.
Also, you’ll know exactly when people are sitting down at their desks
and has your business on their mind. If you reach out to them close to
this time, you’ll save your client time by contacting them when they’ve
already got your company on their mind. Instead of trying to get them at
a random time on a random day, they’ll already be thinking about you,
and less likely to be busy on something else.
If you notice an email being opened multiple times, then you’ll know
there’s a higher chance for engagement with them. You can tell if
they’re checking information you sent them before or after a
call/meeting.
Email tracking is great for:
- Knowing when to follow up with people.
- Providing specific information based on the feedback (For example: If they keep clicking an email about a certain product, you could send more information about it).
- Helping marketing know what’s getting clients to click onward and what’s failing to get their attention.
- Giving peace of mind that you’re getting to clients.
Now let us see how Email Tracking works.
How does Email Tracking work in general?
To understand email tracking, we must first know the importance of Web-beacon or Tracking-pixel.
- Web-beacon:A web beacon is an object embedded in a web page or email, which unobtrusively (usually invisibly) allows checking that a user has accessed the content. Common uses are email tracking and page tagging for web analytics.
- Tracking-pixel: Tracking pixel is a type of Web-beacon. A tracking pixel is a transparent image, measuring one pixel by one pixel (very small). Once imbedded on a Web page or in an email, a tracking pixel connects to a PHP file stored on your Web server. Each time the tracking pixel is viewed, it pulls the PHP file from the server, creating a logged event that lets you know exactly when and for how many times customers accessed the page or opened the message.
Now that we know about tracking pixel, we can note two of its important properties - Its transparent and when it is accessed, the event is logged along with the date-and-time stamp in the log file. When you see the log file, you can tell about when and how many times the image was accessed.
Email Tracking works the same way. You need to imbed the tracking-pixel in the email. I used the word "Imded" and not "Embed". When you embed an image, the image loads in the email and is sent to the receiver as an attachment. Hence, the log file will store the time when the email was sent - as tracking-pixel was attached (accessed) when the email was created. But when you imbed an image, a html tag including the link (<img src="link">) to that image is sent in the email. Hence, the image is loaded when the receiver opens the email. So, the log file will save the time when the image was accessed by the receiver which indirectly indicates when email was seen by the receiver.
Limitations of Email Tracking Pixel
Typically, there are no limitations of Email Tracking Pixel but there are problems which occur due to following reasons:
- The image isn’t loaded when an email is opened. Many web, desktop, and mobile email clients do not open images by default. Especially from unknown senders.
- An ad or tracking blocker is being used. Several extensions exist that block email opens from being reported.
- The image is loaded, but the email isn’t actually open. Some email clients render images as a preview, and will trigger email open false positives. The same effect is produced by Gmail's Image Caching feature.
- Some enterprise security systems will block emails w/ open tracking pixels or tracked links. Worse than email tracking not working, your email just might not actually get through.
The above was a brief list of what can cause email tracking to fail. The most important of the above is Gmail's Image Caching feature. (I cannot mention about it here due to the limitations of size og my article but you can google it.)
Some of useful tools for Email Tracking
Email tracking can be done with the help of three methods - Manual Method, Web-browser Extensions and Online Tools. Manual method is a bit harder and lengthy so I will mention it in my upcoming articles. The extensions and tools are listed here:
If you know about other good tools, write the name and link in comments. Till then, stay connected.. Thank you..